CVE-2014-0476

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
25/10/2014
Last modified:
12/04/2025

Description

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:chkrootkit:chkrootkit:*:*:*:*:*:*:*:* 0.49 (including)
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*